authorHans Nilsson <[email protected]>2016-08-29 13:07:57 +0200
committerHans Nilsson <[email protected]>2016-08-29 16:51:52 +0200
commit85fc9764cee4ba48bb6cac71efc400415508e0d0 (patch)
treeea3f46bb3b7e85b47ffddbfeb0b7bd16b6db5e96 /lib/ssh/src
parent912f701dde1aa24e81de6fa37dfec5de8f8c989d (diff)
ssh: fix Codenomicon/Defensics auth problem with incomplete pdu
Codenomicon/Defensics simply omits trailing pdu values that are 0 or empty strings. This is wrong, but it is some kind of habit "out there". This commit makes Erlang SSH accept such a pdu in one place, because Defensics is king of security tests ...
Diffstat (limited to 'lib/ssh/src')
-rw-r--r--lib/ssh/src/ssh_auth.erl21
1 files changed, 16 insertions, 5 deletions
diff --git a/lib/ssh/src/ssh_auth.erl b/lib/ssh/src/ssh_auth.erl
index fb5e086656..1dcf5d0708 100644
--- a/lib/ssh/src/ssh_auth.erl
+++ b/lib/ssh/src/ssh_auth.erl
@@ -264,12 +264,23 @@ handle_userauth_request(#ssh_msg_userauth_request{user = User,
SessionId,
#ssh{opts = Opts,
userauth_supported_methods = Methods} = Ssh) ->
- <<?BYTE(HaveSig), ?UINT32(ALen), BAlg:ALen/binary,
- ?UINT32(KLen), KeyBlob:KLen/binary, SigWLen/binary>> = Data,
- Alg = binary_to_list(BAlg),
+
+ <<?BYTE(HaveSig),
+ ?UINT32(ALen), BAlg:ALen/binary,
+ Rest/binary>> = Data,
+
+ {KeyBlob, SigWLen} =
+ case Rest of
+ <<?UINT32(KLen0), KeyBlob0:KLen0/binary, SigWLen0/binary>> ->
+ {KeyBlob0, SigWLen0};
+ <<>> ->
+ {<<>>, <<>>}
+ end,
+
case HaveSig of
?TRUE ->
- case verify_sig(SessionId, User, "ssh-connection", Alg,
+ case verify_sig(SessionId, User, "ssh-connection",
+ binary_to_list(BAlg),
KeyBlob, SigWLen, Opts) of
true ->
{authorized, User,
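Review bot: The `<<>>` clause of the new `case Rest of` accepts a request without a key blob whatever `HaveSig` is, so with `HaveSig = ?TRUE` the handler now reaches `verify_sig` with an empty `KeyBlob` and an empty `SigWLen` on input that is still unauthenticated. `verify_sig` is not visible here, so it should be confirmed (and pinned by a test) that it returns `false` rather than crashing or accepting on an empty blob. A tighter form tolerates the truncated pdu only for the query case: `<<>> when HaveSig =:= ?FALSE -> {<<>>, <<>>}`. The clause also deserves a why-comment such as `%% Non-conforming peers omit trailing empty fields (seen with Codenomicon/Defensics); tolerated only here.` so the deviation from the wire format is not copied elsewhere. The body of `handle_userauth_request` starts and ends outside this hunk.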
@@ -284,7 +295,7 @@ handle_userauth_request(#ssh_msg_userauth_request{user = User,
?FALSE ->
{not_authorized, {User, undefined},
ssh_transport:ssh_packet(
- #ssh_msg_userauth_pk_ok{algorithm_name = Alg,
+ #ssh_msg_userauth_pk_ok{algorithm_name = binary_to_list(BAlg),
key_blob = KeyBlob}, Ssh)}
end;